British Hacker Admits Role in Scattered Spider Cyberattacks, Faces 20+ Years
Breaking: Senior Scattered Spider Member Pleads Guilty
A 24-year-old British man, identified as a senior member of the notorious cybercrime group Scattered Spider, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, known online as Tylerb, admitted orchestrating text-message phishing campaigns that breached at least a dozen major tech companies in 2022.

Federal prosecutors say the attacks led to the theft of tens of millions of dollars in cryptocurrency from individual investors. Buchanan now faces a potential sentence of more than 20 years in U.S. federal prison.
How the Attacks Unfolded
Buchanan admitted conspiring with other Scattered Spider members to launch thousands of SMS-based phishing attacks in the summer of 2022. These attacks targeted companies including Twilio, LastPass, DoorDash, and Mailchimp.
Once inside, the group stole credentials and customer data, which they used to execute SIM-swapping attacks against cryptocurrency investors. In a SIM-swap, criminals take over a victim's phone number to intercept one-time passcodes and password reset links. The Justice Department said Buchanan alone admitted stealing at least $8 million in virtual currency from victims across the United States.
“This guilty plea is a critical step in dismantling one of the most brazen cybercrime rings targeting American companies and investors,” said a senior FBI cybercrime official. “Buchanan’s cooperation will help us trace the full scope of Scattered Spider’s operations.”
Background: The Scattered Spider Group
Scattered Spider is an English-speaking cybercrime syndicate known for social engineering tactics. Members frequently impersonate employees or contractors to trick IT help desks into granting network access. The group has been linked to ransomware attacks on major organizations, including the British retail chain Marks & Spencer in 2024.

Buchanan’s hacker handle “Tylerb” once topped leaderboards tracking the most accomplished cyber thieves in English-language criminal forums. He was arrested in Spain after fleeing the U.K. in February 2023, following a violent home invasion by a rival gang that assaulted his mother and threatened him with a blowtorch.
What This Means
Legal experts say Buchanan’s guilty plea sends a strong deterrent message to cybercriminals who believe they can operate from overseas. “The U.S. justice system has shown it will pursue these actors relentlessly, even when they attempt to hide behind international borders,” said a former federal prosecutor.
The case also highlights the growing threat of SIM-swapping and phishing. Industry analysts warn that companies must adopt stronger authentication methods, such as hardware security keys, to protect against social engineering attacks. Buchanan’s sentencing is scheduled for later this year.
Reporting contributed by sources familiar with the investigation.
Related Articles
- Shielding Your Software Supply Chain: Lessons from the Mini Shai-Hulud Compromise of Lightning and Intercom Packages
- 10 Essential Facts About Ghost in the Shell: The Cyberpunk Masterpiece
- Modernizing Kubernetes Secret Lifecycle with Vault Secrets Operator
- 5 Key Updates Meta Is Making to End-to-End Encrypted Backups
- Critical Vulnerability in Google Gemini CLI Could Allow Remote Code Execution (CVSS 10)
- Breaking: Kimsuky Hackers Deploy Advanced PebbleDash Malware in Campaigns Targeting South Korea and Beyond
- Urgent Linux Kernel Update: Seven Stable Branches Patched for High-Severity CVE-2026-46333
- Pro-Iran Hacktivists Say They Wiped Data at Medical Giant Stryker, Forcing Mass Evacuation